Accepting request 1173931 from home:Andreas_Schwab:Factory
- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch: nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599, bsc#1223423, BZ #31677) - glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch: nscd: Avoid null pointer crashes after notfound response (CVE-2024-33600, bsc#1223424, BZ #31678) - glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch: nscd: Do not send missing not-found response in addgetnetgrentX (CVE-2024-33600, bsc#1223424, BZ #31678) - glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch: netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601, CVE-2024-33602, bsc#1223425, BZ #31680) - nscd-netgroup-cache-timeout.patch: Use time_t for return type of addgetnetgrentX (CVE-2024-33602, bsc#1223425) - utmp-time-bits.patch: login: structs utmp, utmpx, lastlog _TIME_BITS independence (BZ #30701) - elf-parse-tunables.patch: elf: Only process multiple tunable once (BZ #31686) OBS-URL: https://build.opensuse.org/request/show/1173931 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=707
This commit is contained in:
parent
98ab6167bc
commit
b08edd98b2
215
elf-parse-tunables.patch
Normal file
215
elf-parse-tunables.patch
Normal file
@ -0,0 +1,215 @@
|
|||||||
|
From 71149c2a2e85a8233631cc816030d449f021bb2a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||||||
|
Date: Mon, 6 May 2024 13:18:45 -0300
|
||||||
|
Subject: [PATCH] elf: Only process multiple tunable once (BZ 31686)
|
||||||
|
|
||||||
|
The 680c597e9c3 commit made loader reject ill-formatted strings by
|
||||||
|
first tracking all set tunables and then applying them. However, it does
|
||||||
|
not take into consideration if the same tunable is set multiple times,
|
||||||
|
where parse_tunables_string appends the found tunable without checking
|
||||||
|
if it was already in the list. It leads to a stack-based buffer overflow
|
||||||
|
if the tunable is specified more than the total number of tunables. For
|
||||||
|
instance:
|
||||||
|
|
||||||
|
GLIBC_TUNABLES=glibc.malloc.check=2:... (repeat over the number of
|
||||||
|
total support for different tunable).
|
||||||
|
|
||||||
|
Instead, use the index of the tunable list to get the expected tunable
|
||||||
|
entry. Since now the initial list is zero-initialized, the compiler
|
||||||
|
might emit an extra memset and this requires some minor adjustment
|
||||||
|
on some ports.
|
||||||
|
|
||||||
|
Checked on x86_64-linux-gnu and aarch64-linux-gnu.
|
||||||
|
|
||||||
|
Reported-by: Yuto Maeda <maeda@cyberdefense.jp>
|
||||||
|
Reported-by: Yutaro Shimizu <shimizu@cyberdefense.jp>
|
||||||
|
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||||
|
(cherry picked from commit bcae44ea8536b30a7119c0986ff5692bddacb672)
|
||||||
|
---
|
||||||
|
elf/dl-tunables.c | 28 ++++++----
|
||||||
|
elf/tst-tunables.c | 61 +++++++++++++++++++++-
|
||||||
|
sysdeps/aarch64/multiarch/memset_generic.S | 4 ++
|
||||||
|
sysdeps/sparc/sparc64/rtld-memset.c | 3 ++
|
||||||
|
4 files changed, 84 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
|
||||||
|
index 03e1a68675..614ac9c047 100644
|
||||||
|
--- a/elf/dl-tunables.c
|
||||||
|
+++ b/elf/dl-tunables.c
|
||||||
|
@@ -32,6 +32,7 @@
|
||||||
|
#include <ldsodefs.h>
|
||||||
|
#include <array_length.h>
|
||||||
|
#include <dl-minimal-malloc.h>
|
||||||
|
+#include <dl-symbol-redir-ifunc.h>
|
||||||
|
|
||||||
|
#define TUNABLES_INTERNAL 1
|
||||||
|
#include "dl-tunables.h"
|
||||||
|
@@ -223,6 +224,7 @@ parse_tunables_string (const char *valstring, struct tunable_toset_t *tunables)
|
||||||
|
{
|
||||||
|
tunables[ntunables++] =
|
||||||
|
(struct tunable_toset_t) { cur, value, p - value };
|
||||||
|
+
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
@@ -234,23 +236,27 @@ parse_tunables_string (const char *valstring, struct tunable_toset_t *tunables)
|
||||||
|
static void
|
||||||
|
parse_tunables (const char *valstring)
|
||||||
|
{
|
||||||
|
- struct tunable_toset_t tunables[tunables_list_size];
|
||||||
|
- int ntunables = parse_tunables_string (valstring, tunables);
|
||||||
|
- if (ntunables == -1)
|
||||||
|
+ struct tunable_toset_t tunables[tunables_list_size] = { 0 };
|
||||||
|
+ if (parse_tunables_string (valstring, tunables) == -1)
|
||||||
|
{
|
||||||
|
_dl_error_printf (
|
||||||
|
"WARNING: ld.so: invalid GLIBC_TUNABLES `%s': ignored.\n", valstring);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- for (int i = 0; i < ntunables; i++)
|
||||||
|
- if (!tunable_initialize (tunables[i].t, tunables[i].value,
|
||||||
|
- tunables[i].len))
|
||||||
|
- _dl_error_printf ("WARNING: ld.so: invalid GLIBC_TUNABLES value `%.*s' "
|
||||||
|
- "for option `%s': ignored.\n",
|
||||||
|
- (int) tunables[i].len,
|
||||||
|
- tunables[i].value,
|
||||||
|
- tunables[i].t->name);
|
||||||
|
+ for (int i = 0; i < tunables_list_size; i++)
|
||||||
|
+ {
|
||||||
|
+ if (tunables[i].t == NULL)
|
||||||
|
+ continue;
|
||||||
|
+
|
||||||
|
+ if (!tunable_initialize (tunables[i].t, tunables[i].value,
|
||||||
|
+ tunables[i].len))
|
||||||
|
+ _dl_error_printf ("WARNING: ld.so: invalid GLIBC_TUNABLES value `%.*s' "
|
||||||
|
+ "for option `%s': ignored.\n",
|
||||||
|
+ (int) tunables[i].len,
|
||||||
|
+ tunables[i].value,
|
||||||
|
+ tunables[i].t->name);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Initialize the tunables list from the environment. For now we only use the
|
||||||
|
diff --git a/elf/tst-tunables.c b/elf/tst-tunables.c
|
||||||
|
index 095b5c81d9..dff34ed748 100644
|
||||||
|
--- a/elf/tst-tunables.c
|
||||||
|
+++ b/elf/tst-tunables.c
|
||||||
|
@@ -17,6 +17,10 @@
|
||||||
|
<https://www.gnu.org/licenses/>. */
|
||||||
|
|
||||||
|
#include <array_length.h>
|
||||||
|
+/* The test uses the tunable_list size, which is only exported for
|
||||||
|
+ ld.so. This will result in a copy of tunable_list, which is ununsed by
|
||||||
|
+ the test itself. */
|
||||||
|
+#define TUNABLES_INTERNAL 1
|
||||||
|
#include <dl-tunables.h>
|
||||||
|
#include <getopt.h>
|
||||||
|
#include <intprops.h>
|
||||||
|
@@ -24,12 +28,13 @@
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <support/capture_subprocess.h>
|
||||||
|
#include <support/check.h>
|
||||||
|
+#include <support/support.h>
|
||||||
|
|
||||||
|
static int restart;
|
||||||
|
#define CMDLINE_OPTIONS \
|
||||||
|
{ "restart", no_argument, &restart, 1 },
|
||||||
|
|
||||||
|
-static const struct test_t
|
||||||
|
+static struct test_t
|
||||||
|
{
|
||||||
|
const char *name;
|
||||||
|
const char *value;
|
||||||
|
@@ -284,6 +289,29 @@ static const struct test_t
|
||||||
|
0,
|
||||||
|
0,
|
||||||
|
},
|
||||||
|
+ /* Also check for repeated tunables with a count larger than the total number
|
||||||
|
+ of tunables. */
|
||||||
|
+ {
|
||||||
|
+ "GLIBC_TUNABLES",
|
||||||
|
+ NULL,
|
||||||
|
+ 2,
|
||||||
|
+ 0,
|
||||||
|
+ 0,
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ "GLIBC_TUNABLES",
|
||||||
|
+ NULL,
|
||||||
|
+ 1,
|
||||||
|
+ 0,
|
||||||
|
+ 0,
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ "GLIBC_TUNABLES",
|
||||||
|
+ NULL,
|
||||||
|
+ 0,
|
||||||
|
+ 0,
|
||||||
|
+ 0,
|
||||||
|
+ },
|
||||||
|
};
|
||||||
|
|
||||||
|
static int
|
||||||
|
@@ -327,6 +355,37 @@ do_test (int argc, char *argv[])
|
||||||
|
spargv[i] = NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* Create a tunable line with the duplicate values with a total number
|
||||||
|
+ larger than the different number of tunables. */
|
||||||
|
+ {
|
||||||
|
+ enum { tunables_list_size = array_length (tunable_list) };
|
||||||
|
+ const char *value = "";
|
||||||
|
+ for (int i = 0; i < tunables_list_size; i++)
|
||||||
|
+ value = xasprintf ("%sglibc.malloc.check=2%c",
|
||||||
|
+ value,
|
||||||
|
+ i == (tunables_list_size - 1) ? '\0' : ':');
|
||||||
|
+ tests[33].value = value;
|
||||||
|
+ }
|
||||||
|
+ /* Same as before, but the last tunable values is differen than the
|
||||||
|
+ rest. */
|
||||||
|
+ {
|
||||||
|
+ enum { tunables_list_size = array_length (tunable_list) };
|
||||||
|
+ const char *value = "";
|
||||||
|
+ for (int i = 0; i < tunables_list_size - 1; i++)
|
||||||
|
+ value = xasprintf ("%sglibc.malloc.check=2:", value);
|
||||||
|
+ value = xasprintf ("%sglibc.malloc.check=1", value);
|
||||||
|
+ tests[34].value = value;
|
||||||
|
+ }
|
||||||
|
+ /* Same as before, but with an invalid last entry. */
|
||||||
|
+ {
|
||||||
|
+ enum { tunables_list_size = array_length (tunable_list) };
|
||||||
|
+ const char *value = "";
|
||||||
|
+ for (int i = 0; i < tunables_list_size - 1; i++)
|
||||||
|
+ value = xasprintf ("%sglibc.malloc.check=2:", value);
|
||||||
|
+ value = xasprintf ("%sglibc.malloc.check=1=1", value);
|
||||||
|
+ tests[35].value = value;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
for (int i = 0; i < array_length (tests); i++)
|
||||||
|
{
|
||||||
|
snprintf (nteststr, sizeof nteststr, "%d", i);
|
||||||
|
diff --git a/sysdeps/aarch64/multiarch/memset_generic.S b/sysdeps/aarch64/multiarch/memset_generic.S
|
||||||
|
index 81748bdbce..e125a5ed85 100644
|
||||||
|
--- a/sysdeps/aarch64/multiarch/memset_generic.S
|
||||||
|
+++ b/sysdeps/aarch64/multiarch/memset_generic.S
|
||||||
|
@@ -33,3 +33,7 @@
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include <../memset.S>
|
||||||
|
+
|
||||||
|
+#if IS_IN (rtld)
|
||||||
|
+strong_alias (memset, __memset_generic)
|
||||||
|
+#endif
|
||||||
|
diff --git a/sysdeps/sparc/sparc64/rtld-memset.c b/sysdeps/sparc/sparc64/rtld-memset.c
|
||||||
|
index 55f3835790..a19202a620 100644
|
||||||
|
--- a/sysdeps/sparc/sparc64/rtld-memset.c
|
||||||
|
+++ b/sysdeps/sparc/sparc64/rtld-memset.c
|
||||||
|
@@ -1 +1,4 @@
|
||||||
|
#include <string/memset.c>
|
||||||
|
+#if IS_IN(rtld)
|
||||||
|
+strong_alias (memset, __memset_ultra1)
|
||||||
|
+#endif
|
||||||
|
--
|
||||||
|
2.45.0
|
||||||
|
|
@ -1,4 +1,4 @@
|
|||||||
From 87801a8fd06db1d654eea3e4f7626ff476a9bdaa Mon Sep 17 00:00:00 2001
|
From 1263d583d2e28afb8be53f8d6922f0842036f35d Mon Sep 17 00:00:00 2001
|
||||||
From: Florian Weimer <fweimer@redhat.com>
|
From: Florian Weimer <fweimer@redhat.com>
|
||||||
Date: Thu, 25 Apr 2024 15:00:45 +0200
|
Date: Thu, 25 Apr 2024 15:00:45 +0200
|
||||||
Subject: [PATCH] CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup
|
Subject: [PATCH] CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup
|
||||||
@ -8,6 +8,7 @@ Using alloca matches what other caches do. The request length is
|
|||||||
bounded by MAXKEYLEN.
|
bounded by MAXKEYLEN.
|
||||||
|
|
||||||
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
||||||
|
(cherry picked from commit 87801a8fd06db1d654eea3e4f7626ff476a9bdaa)
|
||||||
---
|
---
|
||||||
nscd/netgroupcache.c | 5 +++--
|
nscd/netgroupcache.c | 5 +++--
|
||||||
1 file changed, 3 insertions(+), 2 deletions(-)
|
1 file changed, 3 insertions(+), 2 deletions(-)
|
||||||
@ -33,5 +34,5 @@ index 0c6e46f15c..f227dc7fa2 100644
|
|||||||
|
|
||||||
datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,
|
datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,
|
||||||
--
|
--
|
||||||
2.44.0
|
2.45.0
|
||||||
|
|
@ -0,0 +1,60 @@
|
|||||||
|
From c99f886de54446cd4447db6b44be93dabbdc2f8b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Weimer <fweimer@redhat.com>
|
||||||
|
Date: Thu, 25 Apr 2024 15:01:07 +0200
|
||||||
|
Subject: [PATCH] CVE-2024-33600: nscd: Avoid null pointer crashes after
|
||||||
|
notfound response (bug 31678)
|
||||||
|
|
||||||
|
The addgetnetgrentX call in addinnetgrX may have failed to produce
|
||||||
|
a result, so the result variable in addinnetgrX can be NULL.
|
||||||
|
Use db->negtimeout as the fallback value if there is no result data;
|
||||||
|
the timeout is also overwritten below.
|
||||||
|
|
||||||
|
Also avoid sending a second not-found response. (The client
|
||||||
|
disconnects after receiving the first response, so the data stream did
|
||||||
|
not go out of sync even without this fix.) It is still beneficial to
|
||||||
|
add the negative response to the mapping, so that the client can get
|
||||||
|
it from there in the future, instead of going through the socket.
|
||||||
|
|
||||||
|
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||||
|
(cherry picked from commit b048a482f088e53144d26a61c390bed0210f49f2)
|
||||||
|
---
|
||||||
|
nscd/netgroupcache.c | 11 +++++++----
|
||||||
|
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
|
||||||
|
index c18fe111f3..e22ffa5884 100644
|
||||||
|
--- a/nscd/netgroupcache.c
|
||||||
|
+++ b/nscd/netgroupcache.c
|
||||||
|
@@ -511,14 +511,15 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
|
||||||
|
datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len,
|
||||||
|
sizeof (innetgroup_response_header),
|
||||||
|
- he == NULL ? 0 : dh->nreloads + 1, result->head.ttl);
|
||||||
|
+ he == NULL ? 0 : dh->nreloads + 1,
|
||||||
|
+ result == NULL ? db->negtimeout : result->head.ttl);
|
||||||
|
/* Set the notfound status and timeout based on the result from
|
||||||
|
getnetgrent. */
|
||||||
|
- dataset->head.notfound = result->head.notfound;
|
||||||
|
+ dataset->head.notfound = result == NULL || result->head.notfound;
|
||||||
|
dataset->head.timeout = timeout;
|
||||||
|
|
||||||
|
dataset->resp.version = NSCD_VERSION;
|
||||||
|
- dataset->resp.found = result->resp.found;
|
||||||
|
+ dataset->resp.found = result != NULL && result->resp.found;
|
||||||
|
/* Until we find a matching entry the result is 0. */
|
||||||
|
dataset->resp.result = 0;
|
||||||
|
|
||||||
|
@@ -566,7 +567,9 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (he == NULL)
|
||||||
|
+ /* addgetnetgrentX may have already sent a notfound response. Do
|
||||||
|
+ not send another one. */
|
||||||
|
+ if (he == NULL && dataset->resp.found)
|
||||||
|
{
|
||||||
|
/* We write the dataset before inserting it to the database
|
||||||
|
since while inserting this thread might block and so would
|
||||||
|
--
|
||||||
|
2.45.0
|
||||||
|
|
@ -0,0 +1,59 @@
|
|||||||
|
From 5a508e0b508c8ad53bd0d2fb48fd71b242626341 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Weimer <fweimer@redhat.com>
|
||||||
|
Date: Thu, 25 Apr 2024 15:01:07 +0200
|
||||||
|
Subject: [PATCH] CVE-2024-33600: nscd: Do not send missing not-found response
|
||||||
|
in addgetnetgrentX (bug 31678)
|
||||||
|
|
||||||
|
If we failed to add a not-found response to the cache, the dataset
|
||||||
|
point can be null, resulting in a null pointer dereference.
|
||||||
|
|
||||||
|
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||||
|
(cherry picked from commit 7835b00dbce53c3c87bbbb1754a95fb5e58187aa)
|
||||||
|
---
|
||||||
|
nscd/netgroupcache.c | 14 ++++++--------
|
||||||
|
1 file changed, 6 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
|
||||||
|
index f227dc7fa2..c18fe111f3 100644
|
||||||
|
--- a/nscd/netgroupcache.c
|
||||||
|
+++ b/nscd/netgroupcache.c
|
||||||
|
@@ -147,7 +147,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
/* No such service. */
|
||||||
|
cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout,
|
||||||
|
&key_copy);
|
||||||
|
- goto writeout;
|
||||||
|
+ goto maybe_cache_add;
|
||||||
|
}
|
||||||
|
|
||||||
|
memset (&data, '\0', sizeof (data));
|
||||||
|
@@ -348,7 +348,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
{
|
||||||
|
cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout,
|
||||||
|
&key_copy);
|
||||||
|
- goto writeout;
|
||||||
|
+ goto maybe_cache_add;
|
||||||
|
}
|
||||||
|
|
||||||
|
total = buffilled;
|
||||||
|
@@ -410,14 +410,12 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
}
|
||||||
|
|
||||||
|
if (he == NULL && fd != -1)
|
||||||
|
- {
|
||||||
|
- /* We write the dataset before inserting it to the database
|
||||||
|
- since while inserting this thread might block and so would
|
||||||
|
- unnecessarily let the receiver wait. */
|
||||||
|
- writeout:
|
||||||
|
+ /* We write the dataset before inserting it to the database since
|
||||||
|
+ while inserting this thread might block and so would
|
||||||
|
+ unnecessarily let the receiver wait. */
|
||||||
|
writeall (fd, &dataset->resp, dataset->head.recsize);
|
||||||
|
- }
|
||||||
|
|
||||||
|
+ maybe_cache_add:
|
||||||
|
if (cacheable)
|
||||||
|
{
|
||||||
|
/* If necessary, we also propagate the data to disk. */
|
||||||
|
--
|
||||||
|
2.45.0
|
||||||
|
|
390
glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch
Normal file
390
glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch
Normal file
@ -0,0 +1,390 @@
|
|||||||
|
From a9a8d3eebb145779a18d90e3966009a1daa63cd8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Weimer <fweimer@redhat.com>
|
||||||
|
Date: Thu, 25 Apr 2024 15:01:07 +0200
|
||||||
|
Subject: [PATCH] CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two
|
||||||
|
buffers in addgetnetgrentX (bug 31680)
|
||||||
|
|
||||||
|
This avoids potential memory corruption when the underlying NSS
|
||||||
|
callback function does not use the buffer space to store all strings
|
||||||
|
(e.g., for constant strings).
|
||||||
|
|
||||||
|
Instead of custom buffer management, two scratch buffers are used.
|
||||||
|
This increases stack usage somewhat.
|
||||||
|
|
||||||
|
Scratch buffer allocation failure is handled by return -1
|
||||||
|
(an invalid timeout value) instead of terminating the process.
|
||||||
|
This fixes bug 31679.
|
||||||
|
|
||||||
|
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||||
|
(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)
|
||||||
|
---
|
||||||
|
nscd/netgroupcache.c | 219 ++++++++++++++++++++++++-------------------
|
||||||
|
1 file changed, 121 insertions(+), 98 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
|
||||||
|
index e22ffa5884..e8fe041846 100644
|
||||||
|
--- a/nscd/netgroupcache.c
|
||||||
|
+++ b/nscd/netgroupcache.c
|
||||||
|
@@ -23,6 +23,7 @@
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <sys/mman.h>
|
||||||
|
+#include <scratch_buffer.h>
|
||||||
|
|
||||||
|
#include "../nss/netgroup.h"
|
||||||
|
#include "nscd.h"
|
||||||
|
@@ -65,6 +66,16 @@ struct dataset
|
||||||
|
char strdata[0];
|
||||||
|
};
|
||||||
|
|
||||||
|
+/* Send a notfound response to FD. Always returns -1 to indicate an
|
||||||
|
+ ephemeral error. */
|
||||||
|
+static time_t
|
||||||
|
+send_notfound (int fd)
|
||||||
|
+{
|
||||||
|
+ if (fd != -1)
|
||||||
|
+ TEMP_FAILURE_RETRY (send (fd, ¬found, sizeof (notfound), MSG_NOSIGNAL));
|
||||||
|
+ return -1;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
/* Sends a notfound message and prepares a notfound dataset to write to the
|
||||||
|
cache. Returns true if there was enough memory to allocate the dataset and
|
||||||
|
returns the dataset in DATASETP, total bytes to write in TOTALP and the
|
||||||
|
@@ -83,8 +94,7 @@ do_notfound (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
total = sizeof (notfound);
|
||||||
|
timeout = time (NULL) + db->negtimeout;
|
||||||
|
|
||||||
|
- if (fd != -1)
|
||||||
|
- TEMP_FAILURE_RETRY (send (fd, ¬found, total, MSG_NOSIGNAL));
|
||||||
|
+ send_notfound (fd);
|
||||||
|
|
||||||
|
dataset = mempool_alloc (db, sizeof (struct dataset) + req->key_len, 1);
|
||||||
|
/* If we cannot permanently store the result, so be it. */
|
||||||
|
@@ -109,11 +119,78 @@ do_notfound (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
return cacheable;
|
||||||
|
}
|
||||||
|
|
||||||
|
+struct addgetnetgrentX_scratch
|
||||||
|
+{
|
||||||
|
+ /* This is the result that the caller should use. It can be NULL,
|
||||||
|
+ point into buffer, or it can be in the cache. */
|
||||||
|
+ struct dataset *dataset;
|
||||||
|
+
|
||||||
|
+ struct scratch_buffer buffer;
|
||||||
|
+
|
||||||
|
+ /* Used internally in addgetnetgrentX as a staging area. */
|
||||||
|
+ struct scratch_buffer tmp;
|
||||||
|
+
|
||||||
|
+ /* Number of bytes in buffer that are actually used. */
|
||||||
|
+ size_t buffer_used;
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+addgetnetgrentX_scratch_init (struct addgetnetgrentX_scratch *scratch)
|
||||||
|
+{
|
||||||
|
+ scratch->dataset = NULL;
|
||||||
|
+ scratch_buffer_init (&scratch->buffer);
|
||||||
|
+ scratch_buffer_init (&scratch->tmp);
|
||||||
|
+
|
||||||
|
+ /* Reserve space for the header. */
|
||||||
|
+ scratch->buffer_used = sizeof (struct dataset);
|
||||||
|
+ static_assert (sizeof (struct dataset) < sizeof (scratch->tmp.__space),
|
||||||
|
+ "initial buffer space");
|
||||||
|
+ memset (scratch->tmp.data, 0, sizeof (struct dataset));
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+addgetnetgrentX_scratch_free (struct addgetnetgrentX_scratch *scratch)
|
||||||
|
+{
|
||||||
|
+ scratch_buffer_free (&scratch->buffer);
|
||||||
|
+ scratch_buffer_free (&scratch->tmp);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* Copy LENGTH bytes from S into SCRATCH. Returns NULL if SCRATCH
|
||||||
|
+ could not be resized, otherwise a pointer to the copy. */
|
||||||
|
+static char *
|
||||||
|
+addgetnetgrentX_append_n (struct addgetnetgrentX_scratch *scratch,
|
||||||
|
+ const char *s, size_t length)
|
||||||
|
+{
|
||||||
|
+ while (true)
|
||||||
|
+ {
|
||||||
|
+ size_t remaining = scratch->buffer.length - scratch->buffer_used;
|
||||||
|
+ if (remaining >= length)
|
||||||
|
+ break;
|
||||||
|
+ if (!scratch_buffer_grow_preserve (&scratch->buffer))
|
||||||
|
+ return NULL;
|
||||||
|
+ }
|
||||||
|
+ char *copy = scratch->buffer.data + scratch->buffer_used;
|
||||||
|
+ memcpy (copy, s, length);
|
||||||
|
+ scratch->buffer_used += length;
|
||||||
|
+ return copy;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* Copy S into SCRATCH, including its null terminator. Returns false
|
||||||
|
+ if SCRATCH could not be resized. */
|
||||||
|
+static bool
|
||||||
|
+addgetnetgrentX_append (struct addgetnetgrentX_scratch *scratch, const char *s)
|
||||||
|
+{
|
||||||
|
+ if (s == NULL)
|
||||||
|
+ s = "";
|
||||||
|
+ return addgetnetgrentX_append_n (scratch, s, strlen (s) + 1) != NULL;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* Caller must initialize and free *SCRATCH. If the return value is
|
||||||
|
+ negative, this function has sent a notfound response. */
|
||||||
|
static time_t
|
||||||
|
addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
const char *key, uid_t uid, struct hashentry *he,
|
||||||
|
- struct datahead *dh, struct dataset **resultp,
|
||||||
|
- void **tofreep)
|
||||||
|
+ struct datahead *dh, struct addgetnetgrentX_scratch *scratch)
|
||||||
|
{
|
||||||
|
if (__glibc_unlikely (debug_level > 0))
|
||||||
|
{
|
||||||
|
@@ -132,14 +209,10 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
|
||||||
|
char *key_copy = NULL;
|
||||||
|
struct __netgrent data;
|
||||||
|
- size_t buflen = MAX (1024, sizeof (*dataset) + req->key_len);
|
||||||
|
- size_t buffilled = sizeof (*dataset);
|
||||||
|
- char *buffer = NULL;
|
||||||
|
size_t nentries = 0;
|
||||||
|
size_t group_len = strlen (key) + 1;
|
||||||
|
struct name_list *first_needed
|
||||||
|
= alloca (sizeof (struct name_list) + group_len);
|
||||||
|
- *tofreep = NULL;
|
||||||
|
|
||||||
|
if (netgroup_database == NULL
|
||||||
|
&& !__nss_database_get (nss_database_netgroup, &netgroup_database))
|
||||||
|
@@ -151,8 +224,6 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
}
|
||||||
|
|
||||||
|
memset (&data, '\0', sizeof (data));
|
||||||
|
- buffer = xmalloc (buflen);
|
||||||
|
- *tofreep = buffer;
|
||||||
|
first_needed->next = first_needed;
|
||||||
|
memcpy (first_needed->name, key, group_len);
|
||||||
|
data.needed_groups = first_needed;
|
||||||
|
@@ -195,8 +266,8 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
while (1)
|
||||||
|
{
|
||||||
|
int e;
|
||||||
|
- status = getfct.f (&data, buffer + buffilled,
|
||||||
|
- buflen - buffilled - req->key_len, &e);
|
||||||
|
+ status = getfct.f (&data, scratch->tmp.data,
|
||||||
|
+ scratch->tmp.length, &e);
|
||||||
|
if (status == NSS_STATUS_SUCCESS)
|
||||||
|
{
|
||||||
|
if (data.type == triple_val)
|
||||||
|
@@ -204,68 +275,10 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
const char *nhost = data.val.triple.host;
|
||||||
|
const char *nuser = data.val.triple.user;
|
||||||
|
const char *ndomain = data.val.triple.domain;
|
||||||
|
-
|
||||||
|
- size_t hostlen = strlen (nhost ?: "") + 1;
|
||||||
|
- size_t userlen = strlen (nuser ?: "") + 1;
|
||||||
|
- size_t domainlen = strlen (ndomain ?: "") + 1;
|
||||||
|
-
|
||||||
|
- if (nhost == NULL || nuser == NULL || ndomain == NULL
|
||||||
|
- || nhost > nuser || nuser > ndomain)
|
||||||
|
- {
|
||||||
|
- const char *last = nhost;
|
||||||
|
- if (last == NULL
|
||||||
|
- || (nuser != NULL && nuser > last))
|
||||||
|
- last = nuser;
|
||||||
|
- if (last == NULL
|
||||||
|
- || (ndomain != NULL && ndomain > last))
|
||||||
|
- last = ndomain;
|
||||||
|
-
|
||||||
|
- size_t bufused
|
||||||
|
- = (last == NULL
|
||||||
|
- ? buffilled
|
||||||
|
- : last + strlen (last) + 1 - buffer);
|
||||||
|
-
|
||||||
|
- /* We have to make temporary copies. */
|
||||||
|
- size_t needed = hostlen + userlen + domainlen;
|
||||||
|
-
|
||||||
|
- if (buflen - req->key_len - bufused < needed)
|
||||||
|
- {
|
||||||
|
- buflen += MAX (buflen, 2 * needed);
|
||||||
|
- /* Save offset in the old buffer. We don't
|
||||||
|
- bother with the NULL check here since
|
||||||
|
- we'll do that later anyway. */
|
||||||
|
- size_t nhostdiff = nhost - buffer;
|
||||||
|
- size_t nuserdiff = nuser - buffer;
|
||||||
|
- size_t ndomaindiff = ndomain - buffer;
|
||||||
|
-
|
||||||
|
- char *newbuf = xrealloc (buffer, buflen);
|
||||||
|
- /* Fix up the triplet pointers into the new
|
||||||
|
- buffer. */
|
||||||
|
- nhost = (nhost ? newbuf + nhostdiff
|
||||||
|
- : NULL);
|
||||||
|
- nuser = (nuser ? newbuf + nuserdiff
|
||||||
|
- : NULL);
|
||||||
|
- ndomain = (ndomain ? newbuf + ndomaindiff
|
||||||
|
- : NULL);
|
||||||
|
- *tofreep = buffer = newbuf;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- nhost = memcpy (buffer + bufused,
|
||||||
|
- nhost ?: "", hostlen);
|
||||||
|
- nuser = memcpy ((char *) nhost + hostlen,
|
||||||
|
- nuser ?: "", userlen);
|
||||||
|
- ndomain = memcpy ((char *) nuser + userlen,
|
||||||
|
- ndomain ?: "", domainlen);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- char *wp = buffer + buffilled;
|
||||||
|
- wp = memmove (wp, nhost ?: "", hostlen);
|
||||||
|
- wp += hostlen;
|
||||||
|
- wp = memmove (wp, nuser ?: "", userlen);
|
||||||
|
- wp += userlen;
|
||||||
|
- wp = memmove (wp, ndomain ?: "", domainlen);
|
||||||
|
- wp += domainlen;
|
||||||
|
- buffilled = wp - buffer;
|
||||||
|
+ if (!(addgetnetgrentX_append (scratch, nhost)
|
||||||
|
+ && addgetnetgrentX_append (scratch, nuser)
|
||||||
|
+ && addgetnetgrentX_append (scratch, ndomain)))
|
||||||
|
+ return send_notfound (fd);
|
||||||
|
++nentries;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
@@ -317,8 +330,8 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
}
|
||||||
|
else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE)
|
||||||
|
{
|
||||||
|
- buflen *= 2;
|
||||||
|
- *tofreep = buffer = xrealloc (buffer, buflen);
|
||||||
|
+ if (!scratch_buffer_grow (&scratch->tmp))
|
||||||
|
+ return send_notfound (fd);
|
||||||
|
}
|
||||||
|
else if (status == NSS_STATUS_RETURN
|
||||||
|
|| status == NSS_STATUS_NOTFOUND
|
||||||
|
@@ -351,10 +364,17 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
goto maybe_cache_add;
|
||||||
|
}
|
||||||
|
|
||||||
|
- total = buffilled;
|
||||||
|
+ /* Capture the result size without the key appended. */
|
||||||
|
+ total = scratch->buffer_used;
|
||||||
|
+
|
||||||
|
+ /* Make a copy of the key. The scratch buffer must not move after
|
||||||
|
+ this point. */
|
||||||
|
+ key_copy = addgetnetgrentX_append_n (scratch, key, req->key_len);
|
||||||
|
+ if (key_copy == NULL)
|
||||||
|
+ return send_notfound (fd);
|
||||||
|
|
||||||
|
/* Fill in the dataset. */
|
||||||
|
- dataset = (struct dataset *) buffer;
|
||||||
|
+ dataset = scratch->buffer.data;
|
||||||
|
timeout = datahead_init_pos (&dataset->head, total + req->key_len,
|
||||||
|
total - offsetof (struct dataset, resp),
|
||||||
|
he == NULL ? 0 : dh->nreloads + 1,
|
||||||
|
@@ -363,11 +383,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
dataset->resp.version = NSCD_VERSION;
|
||||||
|
dataset->resp.found = 1;
|
||||||
|
dataset->resp.nresults = nentries;
|
||||||
|
- dataset->resp.result_len = buffilled - sizeof (*dataset);
|
||||||
|
-
|
||||||
|
- assert (buflen - buffilled >= req->key_len);
|
||||||
|
- key_copy = memcpy (buffer + buffilled, key, req->key_len);
|
||||||
|
- buffilled += req->key_len;
|
||||||
|
+ dataset->resp.result_len = total - sizeof (*dataset);
|
||||||
|
|
||||||
|
/* Now we can determine whether on refill we have to create a new
|
||||||
|
record or not. */
|
||||||
|
@@ -398,7 +414,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
if (__glibc_likely (newp != NULL))
|
||||||
|
{
|
||||||
|
/* Adjust pointer into the memory block. */
|
||||||
|
- key_copy = (char *) newp + (key_copy - buffer);
|
||||||
|
+ key_copy = (char *) newp + (key_copy - (char *) dataset);
|
||||||
|
|
||||||
|
dataset = memcpy (newp, dataset, total + req->key_len);
|
||||||
|
cacheable = true;
|
||||||
|
@@ -439,7 +455,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
}
|
||||||
|
|
||||||
|
out:
|
||||||
|
- *resultp = dataset;
|
||||||
|
+ scratch->dataset = dataset;
|
||||||
|
|
||||||
|
return timeout;
|
||||||
|
}
|
||||||
|
@@ -460,6 +476,9 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
if (user != NULL)
|
||||||
|
key = strchr (key, '\0') + 1;
|
||||||
|
const char *domain = *key++ ? key : NULL;
|
||||||
|
+ struct addgetnetgrentX_scratch scratch;
|
||||||
|
+
|
||||||
|
+ addgetnetgrentX_scratch_init (&scratch);
|
||||||
|
|
||||||
|
if (__glibc_unlikely (debug_level > 0))
|
||||||
|
{
|
||||||
|
@@ -475,12 +494,8 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
group, group_len,
|
||||||
|
db, uid);
|
||||||
|
time_t timeout;
|
||||||
|
- void *tofree;
|
||||||
|
if (result != NULL)
|
||||||
|
- {
|
||||||
|
- timeout = result->head.timeout;
|
||||||
|
- tofree = NULL;
|
||||||
|
- }
|
||||||
|
+ timeout = result->head.timeout;
|
||||||
|
else
|
||||||
|
{
|
||||||
|
request_header req_get =
|
||||||
|
@@ -489,7 +504,10 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
.key_len = group_len
|
||||||
|
};
|
||||||
|
timeout = addgetnetgrentX (db, -1, &req_get, group, uid, NULL, NULL,
|
||||||
|
- &result, &tofree);
|
||||||
|
+ &scratch);
|
||||||
|
+ result = scratch.dataset;
|
||||||
|
+ if (timeout < 0)
|
||||||
|
+ goto out;
|
||||||
|
}
|
||||||
|
|
||||||
|
struct indataset
|
||||||
|
@@ -603,7 +621,7 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
}
|
||||||
|
|
||||||
|
out:
|
||||||
|
- free (tofree);
|
||||||
|
+ addgetnetgrentX_scratch_free (&scratch);
|
||||||
|
return timeout;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -613,11 +631,12 @@ addgetnetgrentX_ignore (struct database_dyn *db, int fd, request_header *req,
|
||||||
|
const char *key, uid_t uid, struct hashentry *he,
|
||||||
|
struct datahead *dh)
|
||||||
|
{
|
||||||
|
- struct dataset *ignore;
|
||||||
|
- void *tofree;
|
||||||
|
- time_t timeout = addgetnetgrentX (db, fd, req, key, uid, he, dh,
|
||||||
|
- &ignore, &tofree);
|
||||||
|
- free (tofree);
|
||||||
|
+ struct addgetnetgrentX_scratch scratch;
|
||||||
|
+ addgetnetgrentX_scratch_init (&scratch);
|
||||||
|
+ time_t timeout = addgetnetgrentX (db, fd, req, key, uid, he, dh, &scratch);
|
||||||
|
+ addgetnetgrentX_scratch_free (&scratch);
|
||||||
|
+ if (timeout < 0)
|
||||||
|
+ timeout = 0;
|
||||||
|
return timeout;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -661,5 +680,9 @@ readdinnetgr (struct database_dyn *db, struct hashentry *he,
|
||||||
|
.key_len = he->len
|
||||||
|
};
|
||||||
|
|
||||||
|
- return addinnetgrX (db, -1, &req, db->data + he->key, he->owner, he, dh);
|
||||||
|
+ int timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner,
|
||||||
|
+ he, dh);
|
||||||
|
+ if (timeout < 0)
|
||||||
|
+ timeout = 0;
|
||||||
|
+ return timeout;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.45.0
|
||||||
|
|
@ -1,3 +1,29 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 13 09:45:36 UTC 2024 - Andreas Schwab <schwab@suse.de>
|
||||||
|
|
||||||
|
- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
|
||||||
|
nscd: Stack-based buffer overflow in netgroup cache
|
||||||
|
(CVE-2024-33599, bsc#1223423, BZ #31677)
|
||||||
|
- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
|
||||||
|
nscd: Avoid null pointer crashes after notfound response
|
||||||
|
(CVE-2024-33600, bsc#1223424, BZ #31678)
|
||||||
|
- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
|
||||||
|
nscd: Do not send missing not-found response in addgetnetgrentX
|
||||||
|
(CVE-2024-33600, bsc#1223424, BZ #31678)
|
||||||
|
- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
|
||||||
|
netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601,
|
||||||
|
CVE-2024-33602, bsc#1223425, BZ #31680)
|
||||||
|
- nscd-netgroup-cache-timeout.patch: Use time_t for return type of
|
||||||
|
addgetnetgrentX (CVE-2024-33602, bsc#1223425)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 8 10:42:39 UTC 2024 - Andreas Schwab <schwab@suse.de>
|
||||||
|
|
||||||
|
- utmp-time-bits.patch: login: structs utmp, utmpx, lastlog _TIME_BITS
|
||||||
|
independence (BZ #30701)
|
||||||
|
- elf-parse-tunables.patch: elf: Only process multiple tunable once (BZ
|
||||||
|
#31686)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 29 17:42:43 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
|
Mon Apr 29 17:42:43 UTC 2024 - Giuliano Belinassi <giuliano.belinassi@suse.com>
|
||||||
|
|
||||||
|
16
glibc.spec
16
glibc.spec
@ -314,8 +314,20 @@ Patch1003: sigisemptyset.patch
|
|||||||
Patch1004: stdbit-builtins.patch
|
Patch1004: stdbit-builtins.patch
|
||||||
# PATCH-FIX-UPSTREAM iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
|
# PATCH-FIX-UPSTREAM iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
|
||||||
Patch1005: iconv-iso-2022-cn-ext.patch
|
Patch1005: iconv-iso-2022-cn-ext.patch
|
||||||
# PATCH-FIX-UPSTREAM: CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache
|
# PATCH-FIX-UPSTREAM login: structs utmp, utmpx, lastlog _TIME_BITS independence (BZ #30701)
|
||||||
Patch1006: glibc-fix-cve-2024-33599.patch
|
Patch1006: utmp-time-bits.patch
|
||||||
|
# PATCH-FIX-UPSTREAM elf: Only process multiple tunable once (BZ #31686)
|
||||||
|
Patch1007: elf-parse-tunables.patch
|
||||||
|
# PATCH-FIX-UPSTREAM nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599, BZ #31677)
|
||||||
|
Patch1008: glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch
|
||||||
|
# PATCH-FIX-UPSTREAM nscd: Do not send missing not found response in addgetnetgrentX (CVE-2024-33600, BZ #31678)
|
||||||
|
Patch1009: glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch
|
||||||
|
# PATCH-FIX-UPSTREAM nscd: Avoid null pointer crashes after notfound response (CVE-2024-33600, BZ #31678)
|
||||||
|
Patch1010: glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch
|
||||||
|
# PATCH-FIX-UPSTREAM nscd netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601, CVE-2024-33602, BZ #31680)
|
||||||
|
Patch1011: glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch
|
||||||
|
# PATCH-FIX-UPSTREAM nscd: Use time_t for return type of addgetnetgrentX (CVE-2024-33602)
|
||||||
|
Patch1012: nscd-netgroup-cache-timeout.patch
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
###
|
###
|
||||||
|
36
nscd-netgroup-cache-timeout.patch
Normal file
36
nscd-netgroup-cache-timeout.patch
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
From acc56074b0a5127631a64640aef1b7c5c103ebd8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Weimer <fweimer@redhat.com>
|
||||||
|
Date: Thu, 2 May 2024 17:06:19 +0200
|
||||||
|
Subject: [PATCH] nscd: Use time_t for return type of addgetnetgrentX
|
||||||
|
|
||||||
|
Using int may give false results for future dates (timeouts after the
|
||||||
|
year 2028).
|
||||||
|
|
||||||
|
Fixes commit 04a21e050d64a1193a6daab872bca2528bda44b ("CVE-2024-33601,
|
||||||
|
CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX
|
||||||
|
(bug 31680)").
|
||||||
|
|
||||||
|
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
||||||
|
(cherry picked from commit 4bbca1a44691a6e9adcee5c6798a707b626bc331)
|
||||||
|
---
|
||||||
|
nscd/netgroupcache.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
|
||||||
|
index e8fe041846..01d554af9c 100644
|
||||||
|
--- a/nscd/netgroupcache.c
|
||||||
|
+++ b/nscd/netgroupcache.c
|
||||||
|
@@ -680,8 +680,8 @@ readdinnetgr (struct database_dyn *db, struct hashentry *he,
|
||||||
|
.key_len = he->len
|
||||||
|
};
|
||||||
|
|
||||||
|
- int timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner,
|
||||||
|
- he, dh);
|
||||||
|
+ time_t timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner,
|
||||||
|
+ he, dh);
|
||||||
|
if (timeout < 0)
|
||||||
|
timeout = 0;
|
||||||
|
return timeout;
|
||||||
|
--
|
||||||
|
2.45.0
|
||||||
|
|
645
utmp-time-bits.patch
Normal file
645
utmp-time-bits.patch
Normal file
@ -0,0 +1,645 @@
|
|||||||
|
From 9831f98c266a8d56d1bf729b709c08e40375540c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Weimer <fweimer@redhat.com>
|
||||||
|
Date: Fri, 19 Apr 2024 14:38:17 +0200
|
||||||
|
Subject: [PATCH] login: Check default sizes of structs utmp, utmpx, lastlog
|
||||||
|
|
||||||
|
The default <utmp-size.h> is for ports with a 64-bit time_t.
|
||||||
|
Ports with a 32-bit time_t or with __WORDSIZE_TIME64_COMPAT32=1
|
||||||
|
need to override it.
|
||||||
|
|
||||||
|
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||||||
|
(cherry picked from commit 4d4da5aab936504b2d3eca3146e109630d9093c4)
|
||||||
|
---
|
||||||
|
login/Makefile | 2 +-
|
||||||
|
login/tst-utmp-size.c | 33 +++++++++++++++++++++++++++++++++
|
||||||
|
sysdeps/arc/utmp-size.h | 3 +++
|
||||||
|
sysdeps/arm/utmp-size.h | 2 ++
|
||||||
|
sysdeps/csky/utmp-size.h | 2 ++
|
||||||
|
sysdeps/generic/utmp-size.h | 23 +++++++++++++++++++++++
|
||||||
|
sysdeps/hppa/utmp-size.h | 2 ++
|
||||||
|
sysdeps/m68k/utmp-size.h | 3 +++
|
||||||
|
sysdeps/microblaze/utmp-size.h | 2 ++
|
||||||
|
sysdeps/mips/utmp-size.h | 2 ++
|
||||||
|
sysdeps/nios2/utmp-size.h | 2 ++
|
||||||
|
sysdeps/or1k/utmp-size.h | 3 +++
|
||||||
|
sysdeps/powerpc/utmp-size.h | 2 ++
|
||||||
|
sysdeps/riscv/utmp-size.h | 2 ++
|
||||||
|
sysdeps/sh/utmp-size.h | 2 ++
|
||||||
|
sysdeps/sparc/utmp-size.h | 2 ++
|
||||||
|
sysdeps/x86/utmp-size.h | 2 ++
|
||||||
|
17 files changed, 88 insertions(+), 1 deletion(-)
|
||||||
|
create mode 100644 login/tst-utmp-size.c
|
||||||
|
create mode 100644 sysdeps/arc/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/arm/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/csky/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/generic/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/hppa/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/m68k/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/microblaze/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/mips/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/nios2/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/or1k/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/powerpc/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/riscv/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/sh/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/sparc/utmp-size.h
|
||||||
|
create mode 100644 sysdeps/x86/utmp-size.h
|
||||||
|
|
||||||
|
diff --git a/login/Makefile b/login/Makefile
|
||||||
|
index 1e22008a61..b26ac42bfc 100644
|
||||||
|
--- a/login/Makefile
|
||||||
|
+++ b/login/Makefile
|
||||||
|
@@ -44,7 +44,7 @@ subdir-dirs = programs
|
||||||
|
vpath %.c programs
|
||||||
|
|
||||||
|
tests := tst-utmp tst-utmpx tst-grantpt tst-ptsname tst-getlogin tst-updwtmpx \
|
||||||
|
- tst-pututxline-lockfail tst-pututxline-cache
|
||||||
|
+ tst-pututxline-lockfail tst-pututxline-cache tst-utmp-size
|
||||||
|
|
||||||
|
# Empty compatibility library for old binaries.
|
||||||
|
extra-libs := libutil
|
||||||
|
diff --git a/login/tst-utmp-size.c b/login/tst-utmp-size.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..1b7f7ff042
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/login/tst-utmp-size.c
|
||||||
|
@@ -0,0 +1,33 @@
|
||||||
|
+/* Check expected sizes of struct utmp, struct utmpx, struct lastlog.
|
||||||
|
+ Copyright (C) 2024 Free Software Foundation, Inc.
|
||||||
|
+ This file is part of the GNU C Library.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is free software; you can redistribute it and/or
|
||||||
|
+ modify it under the terms of the GNU Lesser General Public
|
||||||
|
+ License as published by the Free Software Foundation; either
|
||||||
|
+ version 2.1 of the License, or (at your option) any later version.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||||
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ Lesser General Public License for more details.
|
||||||
|
+
|
||||||
|
+ You should have received a copy of the GNU Lesser General Public
|
||||||
|
+ License along with the GNU C Library; if not, see
|
||||||
|
+ <https://www.gnu.org/licenses/>. */
|
||||||
|
+
|
||||||
|
+#include <utmp.h>
|
||||||
|
+#include <utmpx.h>
|
||||||
|
+#include <utmp-size.h>
|
||||||
|
+
|
||||||
|
+static int
|
||||||
|
+do_test (void)
|
||||||
|
+{
|
||||||
|
+ _Static_assert (sizeof (struct utmp) == UTMP_SIZE, "struct utmp size");
|
||||||
|
+ _Static_assert (sizeof (struct utmpx) == UTMP_SIZE, "struct utmpx size");
|
||||||
|
+ _Static_assert (sizeof (struct lastlog) == LASTLOG_SIZE,
|
||||||
|
+ "struct lastlog size");
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+#include <support/test-driver.c>
|
||||||
|
diff --git a/sysdeps/arc/utmp-size.h b/sysdeps/arc/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..a247fcd3da
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/arc/utmp-size.h
|
||||||
|
@@ -0,0 +1,3 @@
|
||||||
|
+/* arc has less padding than other architectures with 64-bit time_t. */
|
||||||
|
+#define UTMP_SIZE 392
|
||||||
|
+#define LASTLOG_SIZE 296
|
||||||
|
diff --git a/sysdeps/arm/utmp-size.h b/sysdeps/arm/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..8f21ebe1b6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/arm/utmp-size.h
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+#define UTMP_SIZE 384
|
||||||
|
+#define LASTLOG_SIZE 292
|
||||||
|
diff --git a/sysdeps/csky/utmp-size.h b/sysdeps/csky/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..8f21ebe1b6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/csky/utmp-size.h
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+#define UTMP_SIZE 384
|
||||||
|
+#define LASTLOG_SIZE 292
|
||||||
|
diff --git a/sysdeps/generic/utmp-size.h b/sysdeps/generic/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..89dbe878b0
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/generic/utmp-size.h
|
||||||
|
@@ -0,0 +1,23 @@
|
||||||
|
+/* Expected sizes of utmp-related structures stored in files. 64-bit version.
|
||||||
|
+ Copyright (C) 2024 Free Software Foundation, Inc.
|
||||||
|
+ This file is part of the GNU C Library.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is free software; you can redistribute it and/or
|
||||||
|
+ modify it under the terms of the GNU Lesser General Public
|
||||||
|
+ License as published by the Free Software Foundation; either
|
||||||
|
+ version 2.1 of the License, or (at your option) any later version.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||||
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ Lesser General Public License for more details.
|
||||||
|
+
|
||||||
|
+ You should have received a copy of the GNU Lesser General Public
|
||||||
|
+ License along with the GNU C Library; if not, see
|
||||||
|
+ <https://www.gnu.org/licenses/>. */
|
||||||
|
+
|
||||||
|
+/* Expected size, in bytes, of struct utmp and struct utmpx. */
|
||||||
|
+#define UTMP_SIZE 400
|
||||||
|
+
|
||||||
|
+/* Expected size, in bytes, of struct lastlog. */
|
||||||
|
+#define LASTLOG_SIZE 296
|
||||||
|
diff --git a/sysdeps/hppa/utmp-size.h b/sysdeps/hppa/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..8f21ebe1b6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/hppa/utmp-size.h
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+#define UTMP_SIZE 384
|
||||||
|
+#define LASTLOG_SIZE 292
|
||||||
|
diff --git a/sysdeps/m68k/utmp-size.h b/sysdeps/m68k/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..5946685819
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/m68k/utmp-size.h
|
||||||
|
@@ -0,0 +1,3 @@
|
||||||
|
+/* m68k has 2-byte alignment. */
|
||||||
|
+#define UTMP_SIZE 382
|
||||||
|
+#define LASTLOG_SIZE 292
|
||||||
|
diff --git a/sysdeps/microblaze/utmp-size.h b/sysdeps/microblaze/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..8f21ebe1b6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/microblaze/utmp-size.h
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+#define UTMP_SIZE 384
|
||||||
|
+#define LASTLOG_SIZE 292
|
||||||
|
diff --git a/sysdeps/mips/utmp-size.h b/sysdeps/mips/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..8f21ebe1b6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/mips/utmp-size.h
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+#define UTMP_SIZE 384
|
||||||
|
+#define LASTLOG_SIZE 292
|
||||||
|
diff --git a/sysdeps/nios2/utmp-size.h b/sysdeps/nios2/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..8f21ebe1b6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/nios2/utmp-size.h
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+#define UTMP_SIZE 384
|
||||||
|
+#define LASTLOG_SIZE 292
|
||||||
|
diff --git a/sysdeps/or1k/utmp-size.h b/sysdeps/or1k/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..6b3653aa4d
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/or1k/utmp-size.h
|
||||||
|
@@ -0,0 +1,3 @@
|
||||||
|
+/* or1k has less padding than other architectures with 64-bit time_t. */
|
||||||
|
+#define UTMP_SIZE 392
|
||||||
|
+#define LASTLOG_SIZE 296
|
||||||
|
diff --git a/sysdeps/powerpc/utmp-size.h b/sysdeps/powerpc/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..8f21ebe1b6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/powerpc/utmp-size.h
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+#define UTMP_SIZE 384
|
||||||
|
+#define LASTLOG_SIZE 292
|
||||||
|
diff --git a/sysdeps/riscv/utmp-size.h b/sysdeps/riscv/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..8f21ebe1b6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/riscv/utmp-size.h
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+#define UTMP_SIZE 384
|
||||||
|
+#define LASTLOG_SIZE 292
|
||||||
|
diff --git a/sysdeps/sh/utmp-size.h b/sysdeps/sh/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..8f21ebe1b6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/sh/utmp-size.h
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+#define UTMP_SIZE 384
|
||||||
|
+#define LASTLOG_SIZE 292
|
||||||
|
diff --git a/sysdeps/sparc/utmp-size.h b/sysdeps/sparc/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..8f21ebe1b6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/sparc/utmp-size.h
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+#define UTMP_SIZE 384
|
||||||
|
+#define LASTLOG_SIZE 292
|
||||||
|
diff --git a/sysdeps/x86/utmp-size.h b/sysdeps/x86/utmp-size.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..8f21ebe1b6
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/x86/utmp-size.h
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+#define UTMP_SIZE 384
|
||||||
|
+#define LASTLOG_SIZE 292
|
||||||
|
--
|
||||||
|
2.45.0
|
||||||
|
|
||||||
|
From 836d43b98973e0845b739ff5d3aad3af09dc7d0f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Florian Weimer <fweimer@redhat.com>
|
||||||
|
Date: Fri, 19 Apr 2024 14:38:17 +0200
|
||||||
|
Subject: [PATCH] login: structs utmp, utmpx, lastlog _TIME_BITS independence
|
||||||
|
(bug 30701)
|
||||||
|
|
||||||
|
These structs describe file formats under /var/log, and should not
|
||||||
|
depend on the definition of _TIME_BITS. This is achieved by
|
||||||
|
defining __WORDSIZE_TIME64_COMPAT32 to 1 on 32-bit ports that
|
||||||
|
support 32-bit time_t values (where __time_t is 32 bits).
|
||||||
|
|
||||||
|
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||||||
|
(cherry picked from commit 9abdae94c7454c45e02e97e4ed1eb1b1915d13d8)
|
||||||
|
---
|
||||||
|
bits/wordsize.h | 6 ++++--
|
||||||
|
login/Makefile | 4 +++-
|
||||||
|
login/tst-utmp-size-64.c | 2 ++
|
||||||
|
sysdeps/arm/bits/wordsize.h | 21 +++++++++++++++++++
|
||||||
|
sysdeps/csky/bits/wordsize.h | 21 +++++++++++++++++++
|
||||||
|
sysdeps/m68k/bits/wordsize.h | 21 +++++++++++++++++++
|
||||||
|
sysdeps/microblaze/bits/wordsize.h | 21 +++++++++++++++++++
|
||||||
|
sysdeps/mips/bits/wordsize.h | 6 +-----
|
||||||
|
sysdeps/nios2/bits/wordsize.h | 21 +++++++++++++++++++
|
||||||
|
sysdeps/powerpc/powerpc32/bits/wordsize.h | 3 +--
|
||||||
|
sysdeps/powerpc/powerpc64/bits/wordsize.h | 3 +--
|
||||||
|
sysdeps/sh/bits/wordsize.h | 21 +++++++++++++++++++
|
||||||
|
sysdeps/sparc/sparc32/bits/wordsize.h | 2 +-
|
||||||
|
sysdeps/sparc/sparc64/bits/wordsize.h | 3 +--
|
||||||
|
sysdeps/unix/sysv/linux/hppa/bits/wordsize.h | 21 +++++++++++++++++++
|
||||||
|
.../unix/sysv/linux/powerpc/bits/wordsize.h | 3 +--
|
||||||
|
sysdeps/unix/sysv/linux/sparc/bits/wordsize.h | 3 +--
|
||||||
|
sysdeps/x86/bits/wordsize.h | 5 ++---
|
||||||
|
18 files changed, 165 insertions(+), 22 deletions(-)
|
||||||
|
create mode 100644 login/tst-utmp-size-64.c
|
||||||
|
create mode 100644 sysdeps/arm/bits/wordsize.h
|
||||||
|
create mode 100644 sysdeps/csky/bits/wordsize.h
|
||||||
|
create mode 100644 sysdeps/m68k/bits/wordsize.h
|
||||||
|
create mode 100644 sysdeps/microblaze/bits/wordsize.h
|
||||||
|
create mode 100644 sysdeps/nios2/bits/wordsize.h
|
||||||
|
create mode 100644 sysdeps/sh/bits/wordsize.h
|
||||||
|
create mode 100644 sysdeps/unix/sysv/linux/hppa/bits/wordsize.h
|
||||||
|
|
||||||
|
diff --git a/bits/wordsize.h b/bits/wordsize.h
|
||||||
|
index 14edae3a11..53013a9275 100644
|
||||||
|
--- a/bits/wordsize.h
|
||||||
|
+++ b/bits/wordsize.h
|
||||||
|
@@ -21,7 +21,9 @@
|
||||||
|
#define __WORDSIZE32_PTRDIFF_LONG
|
||||||
|
|
||||||
|
/* Set to 1 in order to force time types to be 32 bits instead of 64 bits in
|
||||||
|
- struct lastlog and struct utmp{,x} on 64-bit ports. This may be done in
|
||||||
|
+ struct lastlog and struct utmp{,x}. This may be done in
|
||||||
|
order to make 64-bit ports compatible with 32-bit ports. Set to 0 for
|
||||||
|
- 64-bit ports where the time types are 64-bits or for any 32-bit ports. */
|
||||||
|
+ 64-bit ports where the time types are 64-bits and new 32-bit ports
|
||||||
|
+ where time_t is 64 bits, and there is no companion architecture with
|
||||||
|
+ 32-bit time_t. */
|
||||||
|
#define __WORDSIZE_TIME64_COMPAT32
|
||||||
|
diff --git a/login/Makefile b/login/Makefile
|
||||||
|
index b26ac42bfc..f91190e3dc 100644
|
||||||
|
--- a/login/Makefile
|
||||||
|
+++ b/login/Makefile
|
||||||
|
@@ -44,7 +44,9 @@ subdir-dirs = programs
|
||||||
|
vpath %.c programs
|
||||||
|
|
||||||
|
tests := tst-utmp tst-utmpx tst-grantpt tst-ptsname tst-getlogin tst-updwtmpx \
|
||||||
|
- tst-pututxline-lockfail tst-pututxline-cache tst-utmp-size
|
||||||
|
+ tst-pututxline-lockfail tst-pututxline-cache tst-utmp-size tst-utmp-size-64
|
||||||
|
+
|
||||||
|
+CFLAGS-tst-utmp-size-64.c += -D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
|
||||||
|
|
||||||
|
# Empty compatibility library for old binaries.
|
||||||
|
extra-libs := libutil
|
||||||
|
diff --git a/login/tst-utmp-size-64.c b/login/tst-utmp-size-64.c
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..7a581a4c12
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/login/tst-utmp-size-64.c
|
||||||
|
@@ -0,0 +1,2 @@
|
||||||
|
+/* The on-disk layout must not change in time64 mode. */
|
||||||
|
+#include "tst-utmp-size.c"
|
||||||
|
diff --git a/sysdeps/arm/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..6ecbfe7c86
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/arm/bits/wordsize.h
|
||||||
|
@@ -0,0 +1,21 @@
|
||||||
|
+/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
|
||||||
|
+ This file is part of the GNU C Library.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is free software; you can redistribute it and/or
|
||||||
|
+ modify it under the terms of the GNU Lesser General Public
|
||||||
|
+ License as published by the Free Software Foundation; either
|
||||||
|
+ version 2.1 of the License, or (at your option) any later version.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||||
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ Lesser General Public License for more details.
|
||||||
|
+
|
||||||
|
+ You should have received a copy of the GNU Lesser General Public
|
||||||
|
+ License along with the GNU C Library; if not, see
|
||||||
|
+ <https://www.gnu.org/licenses/>. */
|
||||||
|
+
|
||||||
|
+#define __WORDSIZE 32
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
+#define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
+#define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
diff --git a/sysdeps/csky/bits/wordsize.h b/sysdeps/csky/bits/wordsize.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..6ecbfe7c86
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/csky/bits/wordsize.h
|
||||||
|
@@ -0,0 +1,21 @@
|
||||||
|
+/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
|
||||||
|
+ This file is part of the GNU C Library.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is free software; you can redistribute it and/or
|
||||||
|
+ modify it under the terms of the GNU Lesser General Public
|
||||||
|
+ License as published by the Free Software Foundation; either
|
||||||
|
+ version 2.1 of the License, or (at your option) any later version.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||||
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ Lesser General Public License for more details.
|
||||||
|
+
|
||||||
|
+ You should have received a copy of the GNU Lesser General Public
|
||||||
|
+ License along with the GNU C Library; if not, see
|
||||||
|
+ <https://www.gnu.org/licenses/>. */
|
||||||
|
+
|
||||||
|
+#define __WORDSIZE 32
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
+#define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
+#define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
diff --git a/sysdeps/m68k/bits/wordsize.h b/sysdeps/m68k/bits/wordsize.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..6ecbfe7c86
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/m68k/bits/wordsize.h
|
||||||
|
@@ -0,0 +1,21 @@
|
||||||
|
+/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
|
||||||
|
+ This file is part of the GNU C Library.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is free software; you can redistribute it and/or
|
||||||
|
+ modify it under the terms of the GNU Lesser General Public
|
||||||
|
+ License as published by the Free Software Foundation; either
|
||||||
|
+ version 2.1 of the License, or (at your option) any later version.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||||
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ Lesser General Public License for more details.
|
||||||
|
+
|
||||||
|
+ You should have received a copy of the GNU Lesser General Public
|
||||||
|
+ License along with the GNU C Library; if not, see
|
||||||
|
+ <https://www.gnu.org/licenses/>. */
|
||||||
|
+
|
||||||
|
+#define __WORDSIZE 32
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
+#define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
+#define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
diff --git a/sysdeps/microblaze/bits/wordsize.h b/sysdeps/microblaze/bits/wordsize.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..6ecbfe7c86
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/microblaze/bits/wordsize.h
|
||||||
|
@@ -0,0 +1,21 @@
|
||||||
|
+/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
|
||||||
|
+ This file is part of the GNU C Library.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is free software; you can redistribute it and/or
|
||||||
|
+ modify it under the terms of the GNU Lesser General Public
|
||||||
|
+ License as published by the Free Software Foundation; either
|
||||||
|
+ version 2.1 of the License, or (at your option) any later version.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||||
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ Lesser General Public License for more details.
|
||||||
|
+
|
||||||
|
+ You should have received a copy of the GNU Lesser General Public
|
||||||
|
+ License along with the GNU C Library; if not, see
|
||||||
|
+ <https://www.gnu.org/licenses/>. */
|
||||||
|
+
|
||||||
|
+#define __WORDSIZE 32
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
+#define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
+#define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
diff --git a/sysdeps/mips/bits/wordsize.h b/sysdeps/mips/bits/wordsize.h
|
||||||
|
index 57f0f2a22f..30dd3fd85d 100644
|
||||||
|
--- a/sysdeps/mips/bits/wordsize.h
|
||||||
|
+++ b/sysdeps/mips/bits/wordsize.h
|
||||||
|
@@ -19,11 +19,7 @@
|
||||||
|
|
||||||
|
#define __WORDSIZE _MIPS_SZPTR
|
||||||
|
|
||||||
|
-#if _MIPS_SIM == _ABI64
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
-#else
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 0
|
||||||
|
-#endif
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
|
||||||
|
#if __WORDSIZE == 32
|
||||||
|
#define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
diff --git a/sysdeps/nios2/bits/wordsize.h b/sysdeps/nios2/bits/wordsize.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..6ecbfe7c86
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/nios2/bits/wordsize.h
|
||||||
|
@@ -0,0 +1,21 @@
|
||||||
|
+/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
|
||||||
|
+ This file is part of the GNU C Library.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is free software; you can redistribute it and/or
|
||||||
|
+ modify it under the terms of the GNU Lesser General Public
|
||||||
|
+ License as published by the Free Software Foundation; either
|
||||||
|
+ version 2.1 of the License, or (at your option) any later version.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||||
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ Lesser General Public License for more details.
|
||||||
|
+
|
||||||
|
+ You should have received a copy of the GNU Lesser General Public
|
||||||
|
+ License along with the GNU C Library; if not, see
|
||||||
|
+ <https://www.gnu.org/licenses/>. */
|
||||||
|
+
|
||||||
|
+#define __WORDSIZE 32
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
+#define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
+#define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
diff --git a/sysdeps/powerpc/powerpc32/bits/wordsize.h b/sysdeps/powerpc/powerpc32/bits/wordsize.h
|
||||||
|
index 04ca9debf0..6993fb6b29 100644
|
||||||
|
--- a/sysdeps/powerpc/powerpc32/bits/wordsize.h
|
||||||
|
+++ b/sysdeps/powerpc/powerpc32/bits/wordsize.h
|
||||||
|
@@ -2,10 +2,9 @@
|
||||||
|
|
||||||
|
#if defined __powerpc64__
|
||||||
|
# define __WORDSIZE 64
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
#else
|
||||||
|
# define __WORDSIZE 32
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 0
|
||||||
|
# define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
# define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
#endif
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
diff --git a/sysdeps/powerpc/powerpc64/bits/wordsize.h b/sysdeps/powerpc/powerpc64/bits/wordsize.h
|
||||||
|
index 04ca9debf0..6993fb6b29 100644
|
||||||
|
--- a/sysdeps/powerpc/powerpc64/bits/wordsize.h
|
||||||
|
+++ b/sysdeps/powerpc/powerpc64/bits/wordsize.h
|
||||||
|
@@ -2,10 +2,9 @@
|
||||||
|
|
||||||
|
#if defined __powerpc64__
|
||||||
|
# define __WORDSIZE 64
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
#else
|
||||||
|
# define __WORDSIZE 32
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 0
|
||||||
|
# define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
# define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
#endif
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
diff --git a/sysdeps/sh/bits/wordsize.h b/sysdeps/sh/bits/wordsize.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..6ecbfe7c86
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/sh/bits/wordsize.h
|
||||||
|
@@ -0,0 +1,21 @@
|
||||||
|
+/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
|
||||||
|
+ This file is part of the GNU C Library.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is free software; you can redistribute it and/or
|
||||||
|
+ modify it under the terms of the GNU Lesser General Public
|
||||||
|
+ License as published by the Free Software Foundation; either
|
||||||
|
+ version 2.1 of the License, or (at your option) any later version.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||||
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ Lesser General Public License for more details.
|
||||||
|
+
|
||||||
|
+ You should have received a copy of the GNU Lesser General Public
|
||||||
|
+ License along with the GNU C Library; if not, see
|
||||||
|
+ <https://www.gnu.org/licenses/>. */
|
||||||
|
+
|
||||||
|
+#define __WORDSIZE 32
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
+#define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
+#define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
diff --git a/sysdeps/sparc/sparc32/bits/wordsize.h b/sysdeps/sparc/sparc32/bits/wordsize.h
|
||||||
|
index 4bbd2e63b4..a2e79e0fa9 100644
|
||||||
|
--- a/sysdeps/sparc/sparc32/bits/wordsize.h
|
||||||
|
+++ b/sysdeps/sparc/sparc32/bits/wordsize.h
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
/* Determine the wordsize from the preprocessor defines. */
|
||||||
|
|
||||||
|
#define __WORDSIZE 32
|
||||||
|
-#define __WORDSIZE_TIME64_COMPAT32 0
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
#define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
#define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
diff --git a/sysdeps/sparc/sparc64/bits/wordsize.h b/sysdeps/sparc/sparc64/bits/wordsize.h
|
||||||
|
index 2f66f10d72..ea103e5970 100644
|
||||||
|
--- a/sysdeps/sparc/sparc64/bits/wordsize.h
|
||||||
|
+++ b/sysdeps/sparc/sparc64/bits/wordsize.h
|
||||||
|
@@ -2,10 +2,9 @@
|
||||||
|
|
||||||
|
#if defined __arch64__ || defined __sparcv9
|
||||||
|
# define __WORDSIZE 64
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
#else
|
||||||
|
# define __WORDSIZE 32
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 0
|
||||||
|
# define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
# define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
#endif
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
diff --git a/sysdeps/unix/sysv/linux/hppa/bits/wordsize.h b/sysdeps/unix/sysv/linux/hppa/bits/wordsize.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..6ecbfe7c86
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/sysdeps/unix/sysv/linux/hppa/bits/wordsize.h
|
||||||
|
@@ -0,0 +1,21 @@
|
||||||
|
+/* Copyright (C) 1999-2024 Free Software Foundation, Inc.
|
||||||
|
+ This file is part of the GNU C Library.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is free software; you can redistribute it and/or
|
||||||
|
+ modify it under the terms of the GNU Lesser General Public
|
||||||
|
+ License as published by the Free Software Foundation; either
|
||||||
|
+ version 2.1 of the License, or (at your option) any later version.
|
||||||
|
+
|
||||||
|
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||||
|
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
+ Lesser General Public License for more details.
|
||||||
|
+
|
||||||
|
+ You should have received a copy of the GNU Lesser General Public
|
||||||
|
+ License along with the GNU C Library; if not, see
|
||||||
|
+ <https://www.gnu.org/licenses/>. */
|
||||||
|
+
|
||||||
|
+#define __WORDSIZE 32
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
+#define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
+#define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
diff --git a/sysdeps/unix/sysv/linux/powerpc/bits/wordsize.h b/sysdeps/unix/sysv/linux/powerpc/bits/wordsize.h
|
||||||
|
index 04ca9debf0..6993fb6b29 100644
|
||||||
|
--- a/sysdeps/unix/sysv/linux/powerpc/bits/wordsize.h
|
||||||
|
+++ b/sysdeps/unix/sysv/linux/powerpc/bits/wordsize.h
|
||||||
|
@@ -2,10 +2,9 @@
|
||||||
|
|
||||||
|
#if defined __powerpc64__
|
||||||
|
# define __WORDSIZE 64
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
#else
|
||||||
|
# define __WORDSIZE 32
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 0
|
||||||
|
# define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
# define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
#endif
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
diff --git a/sysdeps/unix/sysv/linux/sparc/bits/wordsize.h b/sysdeps/unix/sysv/linux/sparc/bits/wordsize.h
|
||||||
|
index 7562875ee2..ea103e5970 100644
|
||||||
|
--- a/sysdeps/unix/sysv/linux/sparc/bits/wordsize.h
|
||||||
|
+++ b/sysdeps/unix/sysv/linux/sparc/bits/wordsize.h
|
||||||
|
@@ -2,10 +2,9 @@
|
||||||
|
|
||||||
|
#if defined __arch64__ || defined __sparcv9
|
||||||
|
# define __WORDSIZE 64
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
#else
|
||||||
|
# define __WORDSIZE 32
|
||||||
|
# define __WORDSIZE32_SIZE_ULONG 0
|
||||||
|
# define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 0
|
||||||
|
#endif
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
diff --git a/sysdeps/x86/bits/wordsize.h b/sysdeps/x86/bits/wordsize.h
|
||||||
|
index 70f652bca1..3f40aa76f9 100644
|
||||||
|
--- a/sysdeps/x86/bits/wordsize.h
|
||||||
|
+++ b/sysdeps/x86/bits/wordsize.h
|
||||||
|
@@ -8,10 +8,9 @@
|
||||||
|
#define __WORDSIZE32_PTRDIFF_LONG 0
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
+
|
||||||
|
#ifdef __x86_64__
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 1
|
||||||
|
/* Both x86-64 and x32 use the 64-bit system call interface. */
|
||||||
|
# define __SYSCALL_WORDSIZE 64
|
||||||
|
-#else
|
||||||
|
-# define __WORDSIZE_TIME64_COMPAT32 0
|
||||||
|
#endif
|
||||||
|
--
|
||||||
|
2.45.0
|
||||||
|
|
Loading…
Reference in New Issue
Block a user